Dominique wrote:

> afl-fuzz found a bug in vim-7.4.2354 and older.
> Default vim in xubuntu-14.04 (vim-7.4.52) also has
> the bug, so it's an old bug.
> 
> $ cat <<EOF >bug.vim
> func X()
>   s/^/a/
>   /
> endfunc
> call X()
> q!
> EOF
> 
> $ valgrind --num-callers=30 vim -u NONE -i NONE -S bug.vim 2>log
> 
> And log file contains:
> 
> ==10163== Memcheck, a memory error detector
> ==10163== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==10163== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
> ==10163== Command: vim -u NONE -i NONE -S bug.vim
> ==10163==
> ==10163== Invalid read of size 1
> ==10163==    at 0x8060A3D: skipwhite (charset.c:1522)
> ==10163==    by 0x80B9F0A: get_address (ex_docmd.c:4593)
> ==10163==    by 0x80B5A00: do_one_cmd (ex_docmd.c:2179)
> ==10163==    by 0x80B3DA0: do_cmdline (ex_docmd.c:1110)
> ==10163==    by 0x820129A: call_user_func (userfunc.c:893)
> ==10163==    by 0x820220E: call_func (userfunc.c:1353)
> ==10163==    by 0x82002C1: get_func_tv (userfunc.c:455)
> ==10163==    by 0x8205944: ex_call (userfunc.c:2981)
> ==10163==    by 0x80B6FF7: do_one_cmd (ex_docmd.c:2962)
> ==10163==    by 0x80B3DA0: do_cmdline (ex_docmd.c:1110)
> ==10163==    by 0x80B1CE5: do_source (ex_cmds2.c:4110)
> ==10163==    by 0x80B13DD: cmd_source (ex_cmds2.c:3723)
> ==10163==    by 0x80B133B: ex_source (ex_cmds2.c:3698)
> ==10163==    by 0x80B6FF7: do_one_cmd (ex_docmd.c:2962)
> ==10163==    by 0x80B3DA0: do_cmdline (ex_docmd.c:1110)
> ==10163==    by 0x80B3465: do_cmdline_cmd (ex_docmd.c:715)
> ==10163==    by 0x823BEE0: exe_commands (main.c:2896)
> ==10163==    by 0x82392A2: vim_main2 (main.c:781)
> ==10163==    by 0x8238BC3: main (main.c:415)
> ==10163==  Address 0x54f13dc is 0 bytes after a block of size 4 alloc'd
> ==10163==    at 0x402C19C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==10163==    by 0x8123BC1: lalloc (misc2.c:942)
> ==10163==    by 0x8123AB1: alloc (misc2.c:840)
> ==10163==    by 0x812407D: vim_strsave (misc2.c:1285)
> ==10163==    by 0x8205E46: get_func_line (userfunc.c:3188)
> ==10163==    by 0x80B3B2C: do_cmdline (ex_docmd.c:1006)
> ==10163==    by 0x820129A: call_user_func (userfunc.c:893)
> ==10163==    by 0x820220E: call_func (userfunc.c:1353)
> ==10163==    by 0x82002C1: get_func_tv (userfunc.c:455)
> ==10163==    by 0x8205944: ex_call (userfunc.c:2981)
> ==10163==    by 0x80B6FF7: do_one_cmd (ex_docmd.c:2962)
> ==10163==    by 0x80B3DA0: do_cmdline (ex_docmd.c:1110)
> ==10163==    by 0x80B1CE5: do_source (ex_cmds2.c:4110)
> ==10163==    by 0x80B13DD: cmd_source (ex_cmds2.c:3723)
> ==10163==    by 0x80B133B: ex_source (ex_cmds2.c:3698)
> ==10163==    by 0x80B6FF7: do_one_cmd (ex_docmd.c:2962)
> ==10163==    by 0x80B3DA0: do_cmdline (ex_docmd.c:1110)
> ==10163==    by 0x80B3465: do_cmdline_cmd (ex_docmd.c:715)
> ==10163==    by 0x823BEE0: exe_commands (main.c:2896)
> ==10163==    by 0x82392A2: vim_main2 (main.c:781)
> ==10163==    by 0x8238BC3: main (main.c:415)
> 
> I can try to debug it this weekend.

I like to get fixes in ASAP before the Vim 8 release.
I'll look into it, I probably already found it, need to do some tests.

Oh, after writing a test for this I see another failure...

-- 
From the classified section of a city newspaper:
Dog for sale: eats anything and is fond of children.

 /// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
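As an added example, not code from the thread or from Vim itself: a small Python triage helper for Memcheck reports of the kind quoted above, the sort of thing you end up writing when afl-fuzz hands you a directory of crashes and you rerun each one under Valgrind. It parses the "Invalid read" record into the faulting stack, the "Address ... is N bytes after a block of size M alloc'd" line and the allocation stack, names the first frame with source information on each side (skipping the valgrind preload's malloc), classifies the access, and builds a stack signature for de-duplicating crashes. The embedded sample is the quoted report with the line-wrapped malloc frame rejoined and the deeper frames trimmed; the bug-class names and the three-frame signature depth are this example's choices, not Valgrind's.

```python
"""Triage helper for Valgrind Memcheck output (added example; not Vim's code
and not part of the original thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the Memcheck report quoted in the thread, with the
# wrapped "malloc (in /usr/lib/...)" frame rejoined and deeper frames trimmed.
SAMPLE_LOG = """\
==10163== Memcheck, a memory error detector
==10163== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10163== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==10163== Command: vim -u NONE -i NONE -S bug.vim
==10163==
==10163== Invalid read of size 1
==10163==    at 0x8060A3D: skipwhite (charset.c:1522)
==10163==    by 0x80B9F0A: get_address (ex_docmd.c:4593)
==10163==    by 0x80B5A00: do_one_cmd (ex_docmd.c:2179)
==10163==    by 0x80B3DA0: do_cmdline (ex_docmd.c:1110)
==10163==    by 0x820129A: call_user_func (userfunc.c:893)
==10163==  Address 0x54f13dc is 0 bytes after a block of size 4 alloc'd
==10163==    at 0x402C19C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==10163==    by 0x8123BC1: lalloc (misc2.c:942)
==10163==    by 0x8123AB1: alloc (misc2.c:840)
==10163==    by 0x812407D: vim_strsave (misc2.c:1285)
==10163==    by 0x8205E46: get_func_line (userfunc.c:3188)
==10163==
"""

PREFIX_RE = re.compile(r"^==\d+==\s?(.*)$")
FRAME_RE = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
ADDR_RE = re.compile(
    r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes? (after|before|inside) "
    r"a block of size (\d+) (alloc'd|free'd)$")
ERROR_RE = re.compile(
    r"^(Invalid (?:read|write) of size \d+|Invalid free\(\).*|"
    r"Conditional jump or move depends on uninitialised value\(s\)|"
    r"Use of uninitialised value of size \d+)$")


@dataclass
class Frame:
    func: str
    loc: str  # "file.c:123" with debug info, otherwise "in /path/to/lib.so"

    @property
    def has_source(self) -> bool:
        return not self.loc.startswith("in ")


@dataclass
class MemError:
    kind: str
    stack: List[Frame] = field(default_factory=list)
    offset: Optional[int] = None       # bytes from the block boundary
    relation: Optional[str] = None     # "after" / "before" / "inside"
    block_size: Optional[int] = None
    block_state: Optional[str] = None  # "alloc'd" or "free'd"
    alloc_stack: List[Frame] = field(default_factory=list)


def parse_memcheck(text: str) -> List[MemError]:
    """Turn raw Memcheck output into one MemError per reported error."""
    errors: List[MemError] = []
    cur: Optional[MemError] = None
    target: Optional[List[Frame]] = None  # stack that the next frames belong to
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                      # program output, not a Valgrind line
        body = m.group(1).strip()
        if body == "":                    # bare "==PID==" line ends the record
            cur, target = None, None
            continue
        if (fm := FRAME_RE.match(body)) and target is not None:
            target.append(Frame(fm.group(1), fm.group(2)))
        elif (am := ADDR_RE.match(body)) and cur is not None:
            cur.offset, cur.relation = int(am.group(1)), am.group(2)
            cur.block_size, cur.block_state = int(am.group(3)), am.group(4)
            target = cur.alloc_stack      # frames that follow are the alloc site
        elif ERROR_RE.match(body):
            cur = MemError(kind=body)
            errors.append(cur)
            target = cur.stack
    return errors


def first_source_frame(stack: List[Frame]) -> Optional[Frame]:
    """Skip frames without debug info (e.g. malloc in vgpreload_memcheck)."""
    return next((f for f in stack if f.has_source), None)


def signature(err: MemError, depth: int = 3) -> str:
    """Crash signature for de-duplication: kind plus top `depth` source frames."""
    funcs = [f.func for f in err.stack if f.has_source][:depth]
    return "|".join([err.kind, *funcs])


def triage(err: MemError) -> Dict[str, str]:
    """Classify the error and name the faulting and allocating frames."""
    if err.block_state == "free'd":
        bug_class = "use-after-free"
    elif err.relation in ("after", "before"):
        bug_class = ("heap-buffer-overflow" if err.kind.startswith("Invalid write")
                     else "heap-buffer-over-read")
    elif err.kind.startswith(("Conditional jump", "Use of uninitialised")):
        bug_class = "uninitialised-value"
    else:
        bug_class = "unclassified"

    def fmt(f: Optional[Frame]) -> str:
        return f"{f.func} ({f.loc})" if f else "unknown"

    detail = err.kind
    if err.block_size is not None:
        detail += f"; {err.offset} bytes {err.relation} a {err.block_size}-byte block"
    return {"bug_class": bug_class,
            "fault_site": fmt(first_source_frame(err.stack)),
            "alloc_site": fmt(first_source_frame(err.alloc_stack)),
            "signature": signature(err), "detail": detail}


if __name__ == "__main__":
    for e in parse_memcheck(SAMPLE_LOG):
        for k, v in triage(e).items():
            print(f"{k:10} {v}")
```

On the sample this reports a heap-buffer-over-read at skipwhite (charset.c:1522), 0 bytes after a 4-byte block allocated in lalloc (misc2.c:942), which is the over-read of the NUL-terminated line copy by one byte that the quoted trace shows; pointing the script at a whole directory of afl-fuzz crash logs and bucketing by `signature` is the usual next step before sending one representative reproducer upstream.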

-- 
You received this message from the "vim_dev" maillist.